Downloads

This document describes the rules for an IOS system using software-based IPSec encryption when used in accordance with FIPS 140-1 level 2 requirements. Please see [FIPS 140-1] for a full list of the FIPS 140-1 requirements.

Role-based authentication is used by the IOS. Two roles are defined: a User role, and a Crypto-Officer role. There is no maintenance role. Services available for each role are listed. Please see [UNIVERCD -found at the last page underReference Documents] for a detailed configuration description.

A user enters the system by accessing the console port with a terminal program.

The IOS prompts the user for their password, entered in plaintext. If it matches the plaintext password stored in IOS memory, the user is allowed entry to the IOS executive program. The non-cryptographic services available to the User role include the following:

Obtain non-encryption router status (e.g., state of an interface, state of layer 2 protocols, version of IOS cur-rently running)

The Crypto-Officer role is entered from the User role by typing the enable command and responding with an appropriate password. The enable password entered by the Crypto-Officer is compared to a password stored in the router memory. If two passwords match, the Crypto-Officer enters the Crypto-Officer role.

The non-cryptographic services available to the Crypto-Officer role include the following:

The following requirements relate to how the IOS system must be configured.

1. The tamper-evident labels must be placed according to the "Tamper-evident Label Placements" documentation prior to starting any of the services of the module. There are five tamper-evident labels that must be placed according to the documentation. If any of the labels were tampered with, the labels will clearly indicate that tampering has occurred. The tamper-evident labels have to two layers. Upon tampering, the second layer will be peeled with the word "VOID" appearing on the first layer, which will stay on the module. This will clearly show tamper evidence.

2. The IOS version must be an image of the following type: c2600-ik25-mz, release ___ or later.

3. The IOS version which is shipped with a router is the only allowable image. The loading of any other image is not allowed.

4. The value of the config-register which affects booting must be 0x0101 (the factory default). This setting disables "break" from the console to the ROM monitor, and specifies the first file in Flash to be the boot IOS image.

5. The Crypto-Officer must be present when the system is initialized and perform the initial configuration. The Crypto-Officer must create at least one Crypto-Officer role, as well as define the enable password for the Crypto-Officer role.

6. The Crypto-Officer shall always assign passwords to users.

7. The Crypto-Officer shall only assign users to a privilege level 1 (the default)

8. The Crypto-Officer shall not assign a command to any privilege level other than its default.

9. The following network services affect the security data items and must not be configured: SNMP, NTP, TACACS+, RADIUS, Kerberos.

10. Using RSA will take the module out of FIPS mode under IKE.

11. All terminal services must be disabled, except for the console. The following configuration disables login services on the auxiliary console line:

line aux 0

no exec

To disallow Telnet and x.29 access to the router, the following configuration must be used: